Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-4905 MEDIUM

basestation3 < 3.0.4 - Deserialization of Untrusted Data in QC.py load_qc_pickl

CVE-2025-48134 HIGH

WP Tabs <= 2.2.12 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-4742 MEDIUM

XU-YIJIE grpo-flat <9024b43f091e2eb9bac65802b120c0b35f9ba856 - Dese...

CVE-2025-4740 MEDIUM

BeamCtrl Airiana <11.0 - Deserialization

CVE-2025-47784 CRITICAL

emlog < 2.5.14 - Deserialization of Untrusted Data via Crafted Nickname

CVE-2025-4701 MEDIUM

VITA-MLLM Freeze-Omni <20250421 - Deserialization

CVE-2025-47292 CRITICAL

Cap Collectif <commit 812f2a7d271b76deab1175bdaf2be0b8102dd198 - RCE

CVE-2025-3623 CRITICAL

Uncanny Automator < 6.4.0.2 - Unauthenticated PHP Object Injection via automator_api_decode_message()

CVE-2025-30384 HIGH

Microsoft Office SharePoint - Code Injection

CVE-2025-30382 HIGH

Microsoft Office SharePoint - Code Injection

CVE-2025-30378 HIGH

Microsoft Office SharePoint - Code Injection

CVE-2025-42999 CRITICAL KEV

SAP NetWeaver Visual Composer Metadata Uploader - Code Injection

CVE-2025-30012 CRITICAL

SAP Supplier Relationship Management - Unauthenticated Remote Code Execution via Live Auction Cockpit Deserialization

CVE-2025-46738 MEDIUM

SEL-5033 acSELerator RTAC Software < 1.154.200.3500 - Remote Code Execution via Layout Data File Deserialization

CVE-2025-47732 HIGH

Microsoft Dataverse - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-47683 HIGH

WP Maintenance <6.1.9.7 - Code Injection

CVE-2025-47629 HIGH

WP-CRM System <= 3.4.5 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-0855 CRITICAL

PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection via Import Header Deserialization

CVE-2025-30165 HIGH

vLLM 0.5.2-0.10.0 - Remote Code Execution via Pickle Deserialization in ZeroMQ Communication

CVE-2025-43852 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Model Path Deserialization

CVE-2025-43851 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Model Deserialization

CVE-2025-43850 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Torch Deserialization

CVE-2025-43849 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Torch Deserialization

CVE-2025-43848 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Torch Deserialization

CVE-2025-43847 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Torch Deserialization

Previous Page 39 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy